[44473] in North American Network Operators' Group
Re: ACLs / Filter Lists - Best Practices
daemon@ATHENA.MIT.EDU (Nicolas FISCHBACH)
Wed Nov 28 13:27:03 2001
Message-ID: <3C052C4A.C58A70B3@securite.org>
Date: Wed, 28 Nov 2001 19:26:18 +0100
From: Nicolas FISCHBACH <nicolist@securite.org>
MIME-Version: 1.0
To: John McBrayne <mcbrayne@caspiannetworks.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
John McBrayne wrote:
>
> Is anyone aware of any current "best practices" related to the
> recommended set of filtering rules (Cisco ACL lists or Juniper filter
> sets) for reasons of Security, statistics collection, DoS attack
> analysis/prevention, etc.? I'm curious to see if there are any such
> recommendations for Tier 1/Tier 2 backbone routers, peering points,
> etc., as opposed to CPE terminations or Enterprise/LAN equipment
> recommendations.
>
> Actual config file examples would be great, if they exist.
Protecting your IP network infrastructure (talk @BlackHat Briefings)
(how to secure Cisco routers and (multi-layer) switches running IOS,
CatOS, CatIOS and the networks they interconnect) :
http://www.securite.org/presentations/secip/
Any feedback, comments, fixes, ideas are welcome :-)
Nico.
--
Nicolas FISCHBACH (nico@securite.org) <http://www.securite.org/nico/>
Senior IP&Security Engineer - Professional Services - COLT Telecom AG
Securite.Org Team <http://www.securite.org/>
